Rediger

Del via


Configure and use Always Encrypted with secure enclaves

Applies to: SQL Server 2019 (15.x) and later - Windows only Azure SQL Database

Always Encrypted with secure enclaves extends the existing Always Encrypted feature to enable richer functionality on sensitive data while keeping the data confidential. This article lists common tasks for configuring and using the feature.

For tutorials that show you how to quickly get started with Always Encrypted with secure enclaves, see:

Set up the secure enclave and attestation

Before you can use Always Encrypted with secure enclaves, you need to configure your environment to ensure the secure enclave is available for the database. You might also need to set up enclave attestation, if applicable.

The process for setting up your environment depends on whether you're using SQL Server 2019 (15.x) and later or Azure SQL Database.

Set up the secure enclave and attestation in SQL Server

To set up Always Encrypted with secure enclaves without attestation, see:

To set up Always Encrypted with secure enclaves and attestation, see:

Set up the secure enclave and attestation in Azure SQL Database

For details, see the following articles:

Important

VBS enclaves in Azure SQL Database do not support attestation. Configuring Azure Attestation only applies to Intel SGX enclaves.

Manage keys for Always Encrypted with secure enclaves

Configure columns with Always Encrypted with secure enclaves

Run Transact-SQL statements using secure enclaves

Create and use indexes on enclave-enabled columns

Develop applications using Always Encrypted with secure enclaves

See also